Hi, I've just realized that even thought https://pear.php.net/ is available, we are still downloading the install-pear-nozlib.phar via http:// in pear/Makefile.frag and makedist Do you happen to know any reason for keeping it that way or is this only for historical reasons (maybe pear.php.net did not have proper cert or configured to accept traffic on 443 originally when the download process was created) and should be ok to make this more secure(as it would prevent MITM attacks).
What do you think? -- Ferenc Kovács @Tyr43l - http://tyrael.hu
